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AMENDMENT TO THE CLAIMS 

1 . (Currently Amended) A computer-implemented method for enhancing the security of 
communication over a network, the method comprising: 

receiving a set of authentication credentials from a user; 

receiving from the user a request that requires communication over the network with a 
remote system; 

applying a collection of security privileges to the set of authentication credentials to 
determine if the user is authorized to carry out the request wherein applying 
comprises applying based at least in part upon a role-based determination that 
involves referencing a record that assigns access privileges to various roles that 
can be assumed by the user; 

selectively transmitting a security certificate over the network to the remote system, the 
certificate containing a public key; 

receiving from the remote system a session ticket that has been encrypted with the public 
key; 

decrypting the session ticket with a corresponding private key; 
using the session ticket as an authenticator for subsequent communications with the 
remote system^ 

wherein the remote system is a service provider configured to extend the functionality of 
a software application by remotely providing a service, and wherein selectively 
transmitting therefore comprises selectively transmitting the security certificate to 
the service provider; 

wherein receiving from the user a request comprises receiving from the user a request for 
delivery of the service provided remotely by the service provider: 

wherein selectively transmitting comprises transmitting only when the collection of 
security privileges indicates that the user is authorized to receive the service 
provided remotely by the service provider: 



wherein using the session ticket comprises using the session ticket to secure 

communications associated with the service provider extending the functionality 
of the software application; and 

wherein receiving a set of authentication credentials comprises receipt of the 

authentication credentials by a first computing device, the first computing device 
being the same computing device upon which operates the software application 
that receives the extended functionality from service provider, and wherein the 
first computing device is the same computing device upon which the role-based 
determination is made, the record that is referenced as part of that determination 
being stored on the first computing device, and wherein selectively transmitting a 
security certificate to the service provider further comprises transmitting the 
security certificate from the first computing device to the service provider, and 
wherein using the session ticket to secure communications further comprises 
using the session ticket to secure direct communications between the service 
provider and the first computing device. 

2. (Cancelled) 

3. (Cancelled) 

4. (Cancelled) 

5. (Currently Amended) The method of claim 41, wherein using the session ticket comprises 
using the session ticket without requiring the user to re-submit the set of authentication 
credentials, 

6. (Currently Amended) The method of claim wherein using the session ticket 
comprises using the session ticket until it expires. 
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7. (Currently Amended) The method of claim ^i, wherein: 

selectively transmitting a security certificate to the remote system comprises selectively 
transmitting a security certificate to a remote application configured to extend the 
functionality of a software application by providing access to information; and 

receiving from the user a request comprises receiving a request for access to the 
information. 

8. (Original) The method of claim 1, wherein selectively transmitting a security certificate 
comprises selectively transmitting a security certificate that contains an embedded indication of 
the identity of an entity associated with which the user is associated. 

9. (Previously Amended) The method of claim 1, wherein applying a collection of security 
privileges further comprises applying access rights that are distributed relative to a plurality of 
user accounts. 

10. (Cancelled) 

11. (Previously Amended) The method of claim 9, wherein applying a collection of security 
privileges comprises applying access rights based at least in part upon a determination of which 
roles are assigned to a user account associated with a user. 

12. (Currently Amended) A computer-implemented method for enhancing the security of 
communication over a network, the method comprising: 

generating a public key and a corresponding private key; . 
storing the private key; 

transmitting the public key over the network to a registration service; 

receiving from the registration service a security certificate that includes the public key; 
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transmitting the security certificate over the network to an entity with which a channel of 

communication is desired; 
receiving from the entity a session ticket encrypted with the public key; 
decrypting the session ticket with the private key;-and 

using the session ticket as an authenticator for subsequent communications with the 
entity, wherein using the session ticket comprises using the session ticket as a 
cryptography key for encrypting or decrypting messages T and 

wherein receiving a session ticket from the entity comprises receipt of the session ticket 
by a first computing device: 

wherein decrypting the session ticket with the private key is a function that occurs via 
processing executed by the first computing device: and 

wherein using the session ticket as an authenticator further comprises using the session 
ticket as an authenticator for subsequent communications between the entity and 
the first computing device. 

13. (Cancelled) 

14. (Original) The method of claim 12, wherein transmitting the security certificate over the 
network comprises transmitting the security certificate to a service provider configured to extend 
the functionality of a software application by remotely providing a service. 

15. (Original) The method of claim 14, wherein using the session ticket comprises using the 
session ticket to secure communications with the service provider. 

16. (Original) The method of claim 12, wherein transmitting the security certificate over the 
network comprises transmitting the certificate to a remote peer. 

17. (Original) The method of claim 16, wherein transmitting the security certificate over the 



network comprises transmitting the security ticket from a first application host to a second 
application host. 



18. (Cancelled) 

19. (Cancelled) 

20. (Cancelled) 

21. (Cancelled) 

22. (Cancelled) 

23. (Cancelled) 

24. (Cancelled) 

25. (Cancelled) 

26. (Currently Amended) A computer-implemented method for enhancing the security of 
communication over a network between multiple peer application hosts, the method comprising: 

receiving a security certificate from a first application host; 
generating a session ticket; 

encrypting the session ticket with a public key contained in the security certificate; 
transmitting the session ticket to the first application host;-a«4 

receiving a message from the first application host, the message being at least partially 
encrypted in accordance with the session key prior to its being encrypted with the 
public kevr ; and 
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wherein said steps of receiving a security certificate, generating, encrypting, transmitting, 
and receiving a message are all conducted via processing by the same computing 
device. 

27. (Original) The method of claim 26, further comprising: 

generating a response message; 

encrypting the response message; and 

transmitting the message to the first application host. 

28. (Original) The method of claim 26, further comprising authenticating the certificate. 



29. ( Original ) The method of claim 26, wherein authenticating the certificate comprises 
interacting with an authentication service to validate an expression of the first application host's 
identity. 



